示例1:通过包路径及类名规则为应用增加切面
该示例是通过拦截所有com.dxz.web.aop包下的以Controller结尾的所有类的所有方法,在方法执行前后打印和记录日志到数据库。
新建一个springboot项目
1:首先定义maven
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.dxz.auth</groupId> <artifactId>auth-demo1</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>auth-demo1</name> <description>Demo project for Spring Boot</description> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.9.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc-portlet</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
2:在拦截controller之前需要自定义一个注解,该注解是放在需要通过AOP织入系统日志的方法上。
package com.dxz.web.aop; import java.lang.annotation.*; @Target({ElementType.PARAMETER, ElementType.METHOD}) @Retention(RetentionPolicy.RUNTIME) @Documented public @interface SystemLog { String module() default ""; String methods() default ""; }
3:定义记录日志的切面
package com.dxz.web.aop; import java.lang.reflect.Method; import java.util.Date; import javax.servlet.http.HttpServletRequest; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.Signature; import org.aspectj.lang.annotation.After; import org.aspectj.lang.annotation.AfterReturning; import org.aspectj.lang.annotation.AfterThrowing; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; import org.aspectj.lang.annotation.Pointcut; import org.aspectj.lang.reflect.MethodSignature; import org.springframework.stereotype.Component; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; @Component @Aspect public class LogAopAction { // 获取开始时间 private long BEGIN_TIME; // 获取结束时间 private long END_TIME; // 定义本次log实体 private LogModel logModel = new LogModel(); @Pointcut("execution(* com.dxz.web.aop.*Controller.*(..))") private void controllerMethodAspect() { } /** * 方法开始执行 */ @Before("controllerMethodAspect()") public void doBefore() { BEGIN_TIME = new Date().getTime(); System.out.println("aop--开始"); } /** * 方法结束执行 */ @After("controllerMethodAspect()") public void after() { END_TIME = new Date().getTime(); System.out.println("aop--结束"); } /** * 方法结束执行后的操作 */ @AfterReturning("controllerMethodAspect()") public void doAfter() { if (logModel.getState() == 1 || logModel.getState() == -1) { logModel.setActionTime(END_TIME - BEGIN_TIME); logModel.setGmtCreate(new Date(BEGIN_TIME)); System.out.println("aop--将logModel="+logModel +",存入到数据库"); } else { System.out.println(logModel); System.out.println("aop-->>>>>>>>不存入到数据库"); } } /** * 方法有异常时的操作 */ @AfterThrowing("controllerMethodAspect()") public void doAfterThrow() { System.out.println("aop--例外通知-----------------------------------"); } /** * 方法执行 * * @param pjp * @return * @throws Throwable */ @Around("controllerMethodAspect()") public Object around(ProceedingJoinPoint pjp) throws Throwable { // 日志实体对象 HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()) .getRequest(); // 获取当前登陆用户信息 String uid = request.getParameter("uid"); if (uid == null) { logModel.setLoginAccount("—— ——"); } else { logModel.setLoginAccount(uid); } // 拦截的实体类,就是当前正在执行的controller Object target = pjp.getTarget(); // 拦截的方法名称。当前正在执行的方法 String methodName = pjp.getSignature().getName(); // 拦截的方法参数 Object[] args = pjp.getArgs(); // 拦截的放参数类型 Signature sig = pjp.getSignature(); MethodSignature msig = null; if (!(sig instanceof MethodSignature)) { throw new IllegalArgumentException("该注解只能用于方法"); } msig = (MethodSignature) sig; Class[] parameterTypes = msig.getMethod().getParameterTypes(); Object object = null; Method method = null; try { method = target.getClass().getMethod(methodName, parameterTypes); } catch (NoSuchMethodException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } catch (SecurityException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } if (null != method) { // 判断是否包含自定义的注解,说明一下这里的SystemLog就是我自己自定义的注解 if (method.isAnnotationPresent(SystemLog.class)) { SystemLog systemlog = method.getAnnotation(SystemLog.class); logModel.setModule(systemlog.module()); logModel.setMethod(systemlog.methods()); logModel.setLoginIp(getIp(request)); logModel.setActionUrl(request.getRequestURI()); try { object = pjp.proceed(); logModel.setDescription("执行成功"); logModel.setState((short) 1); } catch (Throwable e) { // TODO Auto-generated catch block logModel.setDescription("执行失败"); logModel.setState((short) -1); } } else {// 没有包含注解 object = pjp.proceed(); logModel.setDescription("此操作不包含注解"); logModel.setState((short) 0); } } else { // 不需要拦截直接执行 object = pjp.proceed(); logModel.setDescription("不需要拦截直接执行"); logModel.setState((short) 0); } return object; } /** * 获取ip地址 * * @param request * @return */ private String getIp(HttpServletRequest request) { if (request.getHeader("x-forwarded-for") == null) { return request.getRemoteAddr(); } return request.getHeader("x-forwarded-for"); } }
其中我的LogModel实体类如下:
package com.dxz.web.aop; import java.util.Date; public class LogModel { /**日志id */ private Integer id; /** * 当前操作人id */ private String loginAccount; /**当前操作人ip */ private String loginIp; /**操作请求的链接 */ private String actionUrl; /**执行的模块 */ private String module; /**执行的方法 */ private String method; /**执行操作时间 */ private Long actionTime; /** 描述 */ private String description; /** 执行的时间 */ private Date gmtCreate; /** 该操作状态,1表示成功,-1表示失败! */ private Short state; //set()/get() }
4:业务controller中增加@SystemLog注解
package com.dxz.web.aop; import javax.servlet.http.HttpServletRequest; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/user") public class LoginController { /** * 登录方法 * @param request * @return */ @RequestMapping(value="/toLogin", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @SystemLog(methods="用户管理", module = "用户登录") public String toLogin(HttpServletRequest request) { System.out.println("biz--登录验证中"); return "login"; } }
5、springboot配置类
package com.dxz; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.EnableAspectJAutoProxy; @SpringBootApplication @EnableAspectJAutoProxy @ComponentScan public class AuthDemo1Application { public static void main(String[] args) { new SpringApplicationBuilder(AuthDemo1Application.class).web(true).run(args); } }
启动springboot后,
通过浏览器访问:http://localhost:8080/user/toLogin?uid=duanxz后的结果如下:
二、@Pointcut("execution(* com.dxz.web.aop.*Controller.*(..))")是“com.dxz.web.aop”包下所有以Controller结尾的类的所有方法,为了验证,我再增加2个controller如下:
package com.dxz.web.aop; import javax.servlet.http.HttpServletRequest; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/user") public class LogoutController { /** * 退出方法 * @param request * @return */ @RequestMapping(value="/logout", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @SystemLog(methods="用户管理", module = "用户退出") public String logout(HttpServletRequest request) { System.out.println("biz--退出逻辑"); return "logout"; } } package com.dxz.web.aop; import javax.servlet.http.HttpServletRequest; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/user") public class TestController2 { /** * test方法 * @param request * @return */ @RequestMapping(value="/test", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) @SystemLog(methods="用户管理", module = "用户测试") public String test(HttpServletRequest request) { System.out.println("biz--test"); return "test"; } }
结果:
示例2:通过within()指定所有@RestController注解类 + @annotation()指定方法上有@Auth注解
package com.dxz.web.aop.auth; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @Order(Ordered.HIGHEST_PRECEDENCE) //优先级,暂定最高级 public @interface Auth { boolean login() default false; } package com.dxz.web.aop.auth; import javax.servlet.http.HttpServletRequest; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; import org.springframework.stereotype.Component; @Aspect @Component public class AuthAopAction { @Before("within(@org.springframework.web.bind.annotation.RestController *) && @annotation(authParam)") public void requestLimit(JoinPoint joinPoint, Auth authParam) throws AuthException { HttpServletRequest request = null; try { Object[] args = joinPoint.getArgs(); for (int i = 0; i < args.length; i++) { if (args[i] instanceof HttpServletRequest) { request = (HttpServletRequest) args[i]; break; } } if (null == request) { System.out.println("auth handler error : target:[{}] no param : HttpServletRequest"); throw new AuthException("HttpServletRequest is null error."); } if (null != authParam && authParam.login()) { // 登录权限验证开启 //Object userId = request.getSession().getAttribute("uid"); Object userId = request.getParameter("uid"); if ("duanxz".equals(userId)) { System.out.println("账号正确,成功登录"); } else { System.out.println("账号不正确,需要重新登录"); throw new AuthException("NEED_LOGIN"); } } } catch (Exception e) { System.out.println("auth handler error : exception:{}" + e.getMessage()); throw e; } } } package com.dxz.web.aop.auth; public class AuthException extends Exception { private static final long serialVersionUID = -1341655401594111052L; public AuthException() { super(); } public AuthException(String message) { super(message); } }
下面的交易controller用于是否登录的权限验证
package com.dxz.web.aop; import javax.servlet.http.HttpServletRequest; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import com.dxz.web.aop.auth.Auth; @Controller @RestController @RequestMapping("/pay") public class PayController { @Auth(login = true) @RequestMapping(value="prePay", method = RequestMethod.GET, produces = {"application/json;charset=UTF-8"}) public String prePay(HttpServletRequest request) { String result = "预交易,uid=" + request.getParameter("uid"); System.out.println(result); return result; } }
浏览器访问:
http://localhost:8080/pay/prePay?uid=duanxz
及 http://localhost:8080/pay/prePay?uid=duanxz2的结果如下: